skill: Fix double-increment of pid_count.

No need to "pid_count++;" because "ENLIST(pid," does it already. Right
now this can trigger a heap-based buffer overflow.

Also, remove the unneeded "pid_count = 0;" (it is static, and
skillsnice_parse() is called only once; and the other *_count variables
are not initialized explicitly either).
This commit is contained in:
Qualys Security Advisory - committed by Craig Small
parent b019fdba5c
commit 56e696ca5f

View File

@ -595,8 +595,6 @@ static void skillsnice_parse(int argc,
sig_or_pri = signo; sig_or_pri = signo;
} }
pid_count = 0;
while ((ch = while ((ch =
getopt_long(argc, argv, "c:dfilnp:Lt:u:vwhV", longopts, getopt_long(argc, argv, "c:dfilnp:Lt:u:vwhV", longopts,
NULL)) != -1) NULL)) != -1)
@ -623,7 +621,6 @@ static void skillsnice_parse(int argc,
ENLIST(pid, ENLIST(pid,
strtol_or_err(optarg, strtol_or_err(optarg,
_("failed to parse argument"))); _("failed to parse argument")));
pid_count++;
break; break;
case 'L': case 'L':
pretty_print_signals(); pretty_print_signals();
@ -692,7 +689,6 @@ static void skillsnice_parse(int argc,
num = strtol(argv[0], &end, 10); num = strtol(argv[0], &end, 10);
if (errno == 0 && argv[0] != end && end != NULL && *end == '\0') { if (errno == 0 && argv[0] != end && end != NULL && *end == '\0') {
ENLIST(pid, num); ENLIST(pid, num);
pid_count++;
} else { } else {
ENLIST(cmd, argv[0]); ENLIST(cmd, argv[0]);
} }